Cryptology ePrint Archive: Report 2006/435

Searching for Shapes in Cryptographic Protocols (extended version)

Shaddin F. Doghmi and Joshua D. Guttman and F. Javier Thayer

Abstract: We describe a method for enumerating all essentially
different executions possible for a cryptographic protocol.
We call them the shapes of the protocol. Naturally
occurring protocols have only finitely many, indeed very few
shapes. Authentication and secrecy properties are easy to
determine from them, as are attacks and anomalies. CPSA,
our Cryptographic Protocol Shape Analyzer, implements the
method.

In searching for shapes, CPSA starts with some initial
behavior, and discovers what shapes are compatible with it.
Normally, the initial behavior is the point of view of one
participant. The analysis reveals what the other principals
must have done, given this participant's view.

The search is complete, i.e. every shape can in fact be
found in a finite number of steps. The steps in question
are applications of two authentication tests, fundamental
patterns for protocol analysis and heuristics for protocol
design. We have formulated the authentication tests in a
new, stronger form, and proved completeness for a search
algorithm based on them.